In this week’s episode of the Podcast (#155): Jerome Segura of Malwarebytes joins us to talk about how disinformation campaigns and cyber crime are part of the same toxic cocktail in the world’s trouble spots, like Ukraine. Also: Adam Meyers of CrowdStrike joins us to talk about that company’s first ever report on mobile malware, which is gaining currency with advanced persistent threat (APT) groups.
Author: Paul Roberts
Serious and exploitable security flaws in VxWorks, a commonly used operating system for embedded devices, span 13 years and could leave hundreds of millions* of connected devices vulnerable to remote cyber attacks and hacks. The security firm Armis on Monday published a warning about 11 critical, zero day vulnerabilities in the VxWorks operating system, which is owned and managed by the firm Wind River. The vulnerabilities expose more than 200 million devices and could allow attackers to remotely take control of everything from networked printers and security appliances to industrial and medical devices, according to Ben Seri, the Vice President of Research at Armis. Move over, EternalBlue! At least a couple of the flaws were described as “more serious” than EternalBlue, the Microsoft Windows flaw that powered both the WannaCry and NotPetya malware outbreaks. SCADA and industrial control system devices, healthcare devices like patient monitors and MRI machines, as well […]
In this Spotlight edition of The Security Ledger Podcast, sponsored by CyberArk*, we interview serial entrepreneur Gil Rapaport about his latest creation: Alero, a new remote authentication tool that promises to fix remote vendor access by doing away with passwords…and agents…and VPNs. If that sounds like a tall order, check out our podcast to learn how he does it!
The Pentagon calls cyberspace “the fifth domain” of conflict. But what does that mean? And how do you defend a human-made space that’s everywhere and nowhere? In this episode of the podcast, Richard Clarke joins us to discuss his new book, The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats.
The deployment of DevOps tools and platforms at many organizations recalls the bad old days of the 1990s, with lax control of authentication, loose configuration and scant attention to security, experts warn.